ServiceNow to Azure AD User & Group Provisioning Issues not properly maintaining group memberships
We are having issues with our ServiceNow to Azure AD Integration. In particular, the current issue that we are experiencing is with Provisioning of Groups and Group Memberships. It does not seem that, when users are added (or removed), the group memberships in ServiceNow are kept in sync with what is in Azure AD. This is problematic for us as we use these groups for access, notifications, etc.
We would think with ServiceNow & Microsoft's partnership, these integrations would be very well documented. Maybe they are, and I am just not finding the correct documentation.
Example: one of our groups in Azure AD and in ServiceNow. I got a call today as someone did not have access to an Application. When I went into Azure AD, she is listed as a member of the Group. When I look at the group in ServiceNow, she is not.
So when this happens, what we will usually do (not sure if this is best practice or not) is to do a Provision on Demand in Azure AD to see if it will sync and bring the members over. However, when you just sync the group, it only brings over the group, and no members. If you select members (and you can only select up to 5 when provisioning on demand), we get an error: "Provision on demand. This required credential was not provided: BaseAddress". What credential is it asking for, and where do you provide this?
We need to find out why the syncs are not working properly. Is that the way to manually sync group members to a group?
Are there any best practices or doc on this integration to review and make sure we are configured correctly? This has been very time-consuming for us trying to troubleshoot and fix. LDAP was very accurate and worked! Would appreciate any assistance we could get as we have a case open with SN & Microsoft as well, but we have not heard back from them yet.
Thanks,
-Eric